From bcdb022bb0920ac0976c6fbb6c4af6ee9863f94c981a24e7e26b3e13f2861af1 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 9 Mar 2022 10:34:57 +0000 Subject: [PATCH] - Mozilla Thunderbird 91.7.0 * Thunderbird will use the first occurrence of headers that should only appear once * Auto-complete incorrectly changed a pasted email address to the primary address of a contact * Attachments with filename extensions that were not registered in MIME types could not be opened * Copy/Cut/Paste actions not working in Thunderbird Preferences * Improved screen reader support of displayed message headers MFSA 2022-12 (bsc#1196900) * CVE-2022-26383 (bmo#1742421) Browser window spoof using fullscreen mode * CVE-2022-26384 (bmo#1744352) iframe allow-scripts sandbox bypass * CVE-2022-26387 (bmo#1752979) Time-of-check time-of-use bug when verifying add-on signatures * CVE-2022-26381 (bmo#1736243) Use-after-free in text reflows * CVE-2022-26386 (bmo#1752396) Temporary files downloaded to /tmp and accessible by other local users - Mozilla Thunderbird 91.6.2 MFSA 2022-09 * CVE-2022-26485 (bmo#1758062) Use-after-free in XSLT parameter processing * CVE-2022-26486 (bmo#1758070) Use-after-free in WebGPU IPC Framework OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=626 --- MozillaThunderbird.changes | 35 ++++++++++++++++++++++++++++ MozillaThunderbird.spec | 4 ++-- l10n-91.6.1.tar.xz | 3 --- l10n-91.7.0.tar.xz | 3 +++ tar_stamps | 8 +++---- thunderbird-91.6.1.source.tar.xz | 3 --- thunderbird-91.6.1.source.tar.xz.asc | 16 ------------- thunderbird-91.7.0.source.tar.xz | 3 +++ thunderbird-91.7.0.source.tar.xz.asc | 16 +++++++++++++ 9 files changed, 63 insertions(+), 28 deletions(-) delete mode 100644 l10n-91.6.1.tar.xz create mode 100644 l10n-91.7.0.tar.xz delete mode 100644 thunderbird-91.6.1.source.tar.xz delete mode 100644 thunderbird-91.6.1.source.tar.xz.asc create mode 100644 thunderbird-91.7.0.source.tar.xz create mode 100644 thunderbird-91.7.0.source.tar.xz.asc diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 44239b4..ff09c6c 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Sun Mar 6 13:02:02 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Thunderbird 91.7.0 + * Thunderbird will use the first occurrence of headers that should + only appear once + * Auto-complete incorrectly changed a pasted email address to the + primary address of a contact + * Attachments with filename extensions that were not registered in + MIME types could not be opened + * Copy/Cut/Paste actions not working in Thunderbird Preferences + * Improved screen reader support of displayed message headers + MFSA 2022-12 (bsc#1196900) + * CVE-2022-26383 (bmo#1742421) + Browser window spoof using fullscreen mode + * CVE-2022-26384 (bmo#1744352) + iframe allow-scripts sandbox bypass + * CVE-2022-26387 (bmo#1752979) + Time-of-check time-of-use bug when verifying add-on signatures + * CVE-2022-26381 (bmo#1736243) + Use-after-free in text reflows + * CVE-2022-26386 (bmo#1752396) + Temporary files downloaded to /tmp and accessible by other + local users + +------------------------------------------------------------------- +Sun Mar 6 12:49:36 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Thunderbird 91.6.2 + MFSA 2022-09 + * CVE-2022-26485 (bmo#1758062) + Use-after-free in XSLT parameter processing + * CVE-2022-26486 (bmo#1758070) + Use-after-free in WebGPU IPC Framework + ------------------------------------------------------------------- Tue Feb 15 09:13:06 UTC 2022 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index b3aaa97..39a765c 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 91 -%define mainver %major.6.1 -%define orig_version 91.6.1 +%define mainver %major.7.0 +%define orig_version 91.7.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} diff --git a/l10n-91.6.1.tar.xz b/l10n-91.6.1.tar.xz deleted file mode 100644 index 1657fc5..0000000 --- a/l10n-91.6.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4710c00b9d743ba889daf402a57344b61c7baeaef9f153f1edd43b036d082fa7 -size 28842132 diff --git a/l10n-91.7.0.tar.xz b/l10n-91.7.0.tar.xz new file mode 100644 index 0000000..fd666cc --- /dev/null +++ b/l10n-91.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a0611c73de1794a6d01da5ac5bb10084aaac7e50cbc9f068246d241defb2cefc +size 28835196 diff --git a/tar_stamps b/tar_stamps index 1382494..d65c5ea 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr91" -VERSION="91.6.1" +VERSION="91.7.0" VERSION_SUFFIX="" -PREV_VERSION="91.6.0" +PREV_VERSION="91.6.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91" -RELEASE_TAG="ead04f72567a3f690d9ad5218a7e5e2d264cb067" -RELEASE_TIMESTAMP="20220214162907" +RELEASE_TAG="c936367e9d73e790fc2e6aa16a64ec6d55ab0379" +RELEASE_TIMESTAMP="20220302151026" diff --git a/thunderbird-91.6.1.source.tar.xz b/thunderbird-91.6.1.source.tar.xz deleted file mode 100644 index 2de2a50..0000000 --- a/thunderbird-91.6.1.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:971d1a5bed2282b4a04fb35910a36c6e6be5ad282191b81d7278fd95cdeec88d -size 401419556 diff --git a/thunderbird-91.6.1.source.tar.xz.asc b/thunderbird-91.6.1.source.tar.xz.asc deleted file mode 100644 index b5b19e2..0000000 --- a/thunderbird-91.6.1.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmIKo5gACgkQ6+QekPbx -L23A0RAAsDnSSkxuKDo9F3YAGz65hEsGsg6uG6LJkKkA2lOSS0e9aPq9ZHdwIxds -z0NnTFQ3ehRV80iRXZldEcjYEw6+BcDyAWm1DM7jVIUzGAaVEg93hpm7NDNw2IFs -hPWQpIG3L6HAIRBrUbUhPIB3J62b7j7BinOUiM9k8ovW0lM5O/m08sP1Z5DKwjbP -Pc0txXu/FW8RsuoUZXv8yvnobe/HP4K+LHrBzzwcfEsJGMEKnR7A0cW7mLgsrFnI -5okb+g4hWQDqd3QGXh8SnUHShAuZJFxWztR6jL/cArE4UlrxFLzKo4D6/R8fY1ev -OwroaK7H62qDS7eGBY5EJBtZ64o30e1lNnm83dX9HpwuWn6UV4kHBF8a5UjU0Rv6 -fFu+fxfHICZpjLPOa9tdAlVvroquReizE/+n38L1R0LbrQFxZap2ZK+g2v31JVrt -9kP+Dd1X+/EAjJDXgCY9OG0v3XUoXKS5ZRBkXP2T6UxFYmINFv30JYihCykGk6nP -kbUO93oxQhGzvkBzomh4DHTCwwomk48SoB5ZmwGpjS9Evu2nIq9j7uKkqQ+QUx0f -zeoNL5Nmr2Jtf9oVbBTpZw2z3YN2hY9JK+R1xfjadUTWXvHX5Ermo+bii8mqEjvm -JDrowurebW9ZYHMN9KCqA7Zyb8lUVgOR+Tl93WbYWbecH7h+gbc= -=4ody ------END PGP SIGNATURE----- diff --git a/thunderbird-91.7.0.source.tar.xz b/thunderbird-91.7.0.source.tar.xz new file mode 100644 index 0000000..281a83a --- /dev/null +++ b/thunderbird-91.7.0.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:624a51870bd2e0d9b259082e836df84981f01b0b397d13d93d7f1b9ccef24e05 +size 409451024 diff --git a/thunderbird-91.7.0.source.tar.xz.asc b/thunderbird-91.7.0.source.tar.xz.asc new file mode 100644 index 0000000..20971c1 --- /dev/null +++ b/thunderbird-91.7.0.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmImYLcACgkQ6+QekPbx +L22ceA/6AziO+YWauT+3IN8baNiOclr33GEBPqpkAQIAXnYbuSqJyG1mL/Bykp5W +A/LLiqEyDTmFk+Gf1RQtV8qdCtjnslHbGtg7H8rqPSyMdrxQNTaqI365d765mYmw +JtP35W4quC/WAn+ky66Mr2CK+CopQ6kjhuXV5ndfV4UdF7JgNkJ9oU2OMvhtqbkK +sWV3Vog1MvtV9gXMLjGPeG8jI9X11c5wgku/9C1apRFbUCTSLvil2XReMY0M9xzO +KXmpXKsa3LwB36reX8pZp3bmwrZ2BCFSVM67v40rsx6yyKVx20D/TqUoJFRt0uxZ ++g9AFe80WWHKaTQ4bYVXxlYG8My1Lh15jmViHASaNWvqh3jpX+SQd+lfPLqKpPL/ +HITDJdBrclbPBg83a5DrQtMnG9P9FHi1VIKcSDAHY0lIgtnXxQD1iHF2k30DXy1a +YGtLbogM/OD4NSejsP6CvIt0VphmfKDMJ3ZWi7KFWooO2E7BXi+FVeqojxkbSQub +em0Mm2CkIs2AGhkH4VLWRYBAjK78iY9+TbsLK//qwR/aGe9KbEIAHRZjwqX6vP8v +86Hi8yJPZ4WrAIjkmtJy8kHuWi9JlAZ7q4MlPy+Efz0WZQHKuyQ2YyIOnTiAUPVM +OPdAerRD7JUKlk8RB3PgTojkCYG6n54JsuUpqz9IXt8bUM+h8Fo= +=FVAJ +-----END PGP SIGNATURE-----